This post will be updated as more information becomes available

With the COVID-19 pandemic impacting everyone across the United States, the U.S. federal government has passed the largest stimulus package ever to help minimize financial impacts businesses and consumers. Coronavirus stimulus checks are being mentioned in the news daily, which is leading fraudsters to come up with stimulus check scams.

While there is a lot of speculation about what these payments might look like, all anyone knows right now is that the $2 trillion stimulus package has been passed by the Senate and the House of Representatives. The details around how the coronavirus stimulus checks will be distributed are still being worked out.

If anyone receives any messages or letters regarding a government check, it is very likely a coronavirus stimulus check scam. The government will not ask anyone for anyone’s Social Security number, bank account number or credit card number; the government will also not ask anyone to pay a fee upfront to get their government check; there will not be a way to “expedite payment” through a service provider either.

While the details around the stimulus package are still being worked out, it has been reported that people will not have to sign up to receive their coronavirus stimulus check. Instead, it will be an automatic process for anyone that qualifies. The IRS is expected to distribute the funds based on the direct deposit information consumers provided in their 2018 or 2019 tax returns. That means all people will have to do is wait for their stimulus check to arrive via direct deposit.

If anyone did not provide their bank account information on their last tax return, the IRS will mail people their stimulus checks. There have also been discussions about the possibility of sending some payments to consumers on prepaid debit cards to speed up the process. Once again, it is not yet known how the coronavirus stimulus checks will be disbursed. If someone reaches out saying that they can get the stimulus payment to you on a debit/credit card, please report it to local authorities or the Internet Crime Complaint Center (IC3).

However, with the stimulus package passing, people can expect to see a rise in stimulus check scams. If the government ends up mailing checks and/or prepaid debit cards, people can also expect to see a rise in prepaid card scams and physical mail theft.

To avoid any of these scams, consumers should make sure they have filed their taxes and have provided their direct deposit information to the IRS in their latest tax return. Consumers should also check to see if they are qualified to receive a coronavirus stimulus check, and for how much.

Finally, if consumers receive anything that does not seem correct or something they are not expecting, they should ignore it and go directly to the source to verify its legitimacy. There is a possibility it could be a stimulus check scam.

If people have questions regarding stimulus check scams, they are encouraged to contact the Identity Theft Resource Center through the website to live chat with an expert advisor. For those that cannot access the website, call the toll-free hotline (888.400.5530) and leave a message for an advisor. While the advisors are working remotely, there may be a delay in responding but someone will assist you as quickly as possible.


You might also like…

Unbeknownst to many consumers, the country’s most advanced consumer privacy act just went into effect on January 1, 2020. The California Consumer Privacy Act (CCPA) outlines some of the strongest protections for individual consumers and the companies they choose to do business with. However, some early reporting shows that a lot of people are still not aware of the new legislation.

DOWNLOAD OUR NEW CCPA INFOGRAPHIC HERE

CCPA provides new protections in the event of a data breach, new tools for consumers to find out exactly what information a company has collected and sold or shared and more. Under the CCPA, consumers also have the right to delete some personal information and opt-in for children. In the CCPA personal information is defined as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information under the CCPA does not include publicly available information.

 Companies doing business in California — whether they are located there or not, or simply have customers or users who reside in the state — must provide more than just the proof of information they have collected. If an individual consumer does not want their information sold to third parties, the CCPA states they have the right to opt-out and the companies must comply. Failure to comply could result in significant fines, penalties and damage awards of up to $7,500 per consumer.

Image of business with notice of CCPA

That has been a sticking point for a number of businesses, though.

There are questions about how businesses will comply with the do not sell requirements. Some companies are claiming that if they “share” their users’ data with an outside company, they are in compliance. The supporters of the CCPA have said selling or sharing is the same thing, though companies like Facebook, CVS, Indeed and others argue their methods of providing users’ information to outsiders does not violate the CCPA.

Image of Conde Nast disclosure of CCPA

Some of the other responsibilities of businesses include a child opt-in requirement, a website notice requirement, a duty to educate, vendor agreements, third-party transfers and cybersecurity protections to prevent a data breach. In the event of a data breach, consumers can now sue to recover up to $750 in costs per data breach. For more information about consumer rights in the event of a data breach or other CCPA rights, click here.

Image of business disclosure of CCPA

Though the California Consumer Privacy Act went into effect on January 1, businesses have until July 1 to comply before enforcement—and presumably, punitive action—begins. It will be interesting to see both how this plays out for businesses that make a lot of money by selling their customers’ information, and how many other states follow suit with legislation of their own.

Sign Up For Identity Theft and Data Breach News

Sign up for the TMI Weekly to stay in the know about potential threats to your identity/privacy and tips to keep you safe. Our monthly breach alert keeps you posted on the latest trends and activity in the world of breaches.

Free Identity Theft Assistance

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

This news is currently evolving and we will update as announcements are made available.  

You might also like…

As this year winds down, it is important to spend a little time reflecting on the 2019 identity crimes, some of the things that went right in 2019 and the things that did not go as well. This is true for so many subjects, especially identity crime – which includes scams, fraud, data breaches, cybercrime and all of the other types of crimes that go with it.

Fallout from 2018

As in previous years, this past year has been a big one for these kinds of crimes. Tech users are still feeling the aftermath of things like the Facebook/Cambridge Analytica privacy debacle that was uncovered last year; Congress is still at work on what to do about consumer privacy in the social media age. Also, the news that phishing attacks more than doubled last year over the year before had researchers, businesses, lawmakers and consumers alike paying closer attention to the messages they receive.

What Went Right in 2019

Fortunately, new legislation has come along to make our privacy lives a little safer. The General Data Protection Regulation (GDPR) regulations went into effect in Europe last year, for example, and they inflict strict penalties on businesses that gather and store data but let it fall into the wrong hands. New laws in California and Colorado will be taking effect soon, intent on strengthening privacy and consumer choice. Best of all, the awareness of what constitutes these kinds of crimes and how to recognize them is increasing.

Top Security Incidents of 2019

However, this welcome news does not mean that consumers are safe or that hackers are finally giving up. With every new platform, tool or technology, there is even greater potential for new avenues of attack. Healthcare providers and insurance companies continued to be one of the hardest-hit targets this year, thanks to the overwhelming amount of personally identifiable information (PII) they gather. “Accidental exposure” breaches were a common 2019 identity crime for major-name companies, which happens when businesses store huge databases of private information – in an online server then fail to password protect it as an example. Even our entertainment was not safe, as many apps and online gaming portals suffered data breaches that were traced back to reusing passwords on multiple sites.

2019 did not just see a lot of large data breaches, but settlements as well.

Equifax Settlement

In July, Equifax reached a $700 million settlement for harms caused by their data breach. Equifax agreed to spend $425 million to help victims of the breach, leading to lots of discussion on how to file a claim.

Facebook Settlement

While the Equifax settlement was the largest in data breach history to date, Facebook blew it out of the water just two days later, as they were ordered to pay $5 billion. After the settlement, Facebook said it required a “fundamental shift” in Facebook’s approach at every level of the company in terms of their privacy.

Yahoo Settlement

A month and a half later a Yahoo data breach settlement was proposed for $117.5 million after over three billion Yahoo accounts were exposed. Identity Theft Resource Center CEO, Eva Velasquez, stated in a media alert that the settlement trend is moving the needle in the right direction for both consumers and victims. However, that was not without its challenges, including putting the onus on the consumer to tell the settlement administrators how they were harmed and provide proof of it.

10,000 Breaches Reported

This past year the Identity Theft Resouce Center also recorded 10,000 publicly-notified data breaches since 2005. As part of the milestone, the ITRC took a look back at some of the top breaches the last 15 years as part of our 10,000 Breaches Later blog series.

Minimizing Future Risks

While data breach fatigue is a recognized phenomenon, one that can occur when consumers are bombarded with constant news about their data being compromised, the flip side is the kind of paranoia that makes you want to unplug and go live off the grid. However, neither of those is the solution. What does work is an awareness of the threat and some good privacy habits to prevent crimes like the 2019 identity crimes:

We’re Here to Help

Remember, you are not responsible for the criminal behaviors of a hacker. However, you can take steps that reduce your risk of becoming a victim and help minimize the damage if the worst does occur. The Identity Theft Resource Center is always here to help. Call us toll-free at 888.400.5530 or live-chat with one of our advisors.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Exercise Car Safety to Avoid Leaving Your Identity Behind

Holiday Phishing Scams Target Small Business

Social Security Phone Scam



A privacy law in California is changing and addresses biometric protection. As criminals find new and different ways to inflict harm, various laws have evolved over the years to address such needs. Driving laws, for example, have had to adapt to faster speeds, stronger engines, self-driving technology and cellular phones. Schools and medical offices have had to revisit their student or patient protections with the advent of computerized record keeping. Even sports organizations and their governing bodies have had to reevaluate their regulations in light of newer technologies and the studies behind sports-related injuries.

Update to the Information Practices Act of 1977

Now, a new privacy law signed by California’s Governor Gavin Newsom recently highlights the way that change can make a huge impact on a lot of people, especially where their privacy is concerned.

In California, a privacy law, the Information Practices Act of 1977, was still the deciding factor in prosecuting or filing civil suits in privacy cases. What lawmakers knew about personally identifiable information (PII) back then, as well as what criminals could do with it, was outdated, and it was time for a fresh look.

Now, thanks to the newly signed bill, biometric data is included in the kinds of information that companies must keep secured if they are going to gather it. As more and more companies use things like fingerprints or facial recognition software for a wide variety of purposes, the burden of protecting that information falls on them.

Change Needed Due to Increase in Data Breach Incidents Exposing PII

According to the Identity Theft Resource Center, the volume of PII exposed in data breaches increased by 126% between 2017 and 2018 to more than 446 million records exposed. The bill also re-examines how people must be notified in the event of a data breach. One of the positive trends in identity theft and fraud over the past few years has been the increasingly rapid response to breach events, especially in terms of notifying consumers quickly if they were victimized.

Perhaps the most important thing for lawmakers to recognize is the fluid nature of creating laws that protect the public. There have been cases historically in which a perpetrator of a heinous act was let go simply due to the fact there was no clear law in place to punish the offender. With updates to identity theft and privacy laws, the public will now be even more secure.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

New Texas Law Protects Victims of Coerced Debt

Popular VPN Provider, NordVPN, Breached by Hackers

Instagram Creates New Feature That Fights Phishing Attacks

The process of ending a marriage can be lengthy and painful. During the months or even years it can take to finalize things legally, a lot can happen. In an all-too-common scenario, many people discover after their initial steps towards divorce that their spouse opened new credit cards or lines of credit in their names, leaving them with thousands of dollars of coerced debt.

While it has long been a crime to steal someone’s identity, a new law in Texas will protect victims of coerced debt and allow individuals to file charges against their exes for spousal identity theft. In some cases, stealing a partner’s identity can even be prosecuted as a form of domestic violence, according to the non-profit organization Vera House.

This law is not so much “new” as that it provides a very important clarification. Previously, identity theft was limited to using someone’s information without their consent. In the case of divorce proceedings, it might seem obvious that one partner in the marriage did not consent for their soon-to-be ex-spouse to use their information. However, in divorces in which domestic violence has played a role, this law now covers individuals who knew their information was being used during the time they were married but were powerless to stop it for some reason, leading to coerced debt.

Coerced debt is now a crime under this law. This can include a partner who has threatened you and one who has maintained tight control over all income sources. If you are facing a divorce and your partner has established debt in your name that you did not agree to but could not prevent for some reason, you may have options under this law. A qualified attorney, victim resource center or other agency may be able to tell you more, and the Identity Theft Resource Center is always available to help anyone with concerns or questions.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

One Simple Way to Not Get Your Twitch Account Hacked

Do Your Boss a Favor and Don’t Fall for a Gift Card Scam

Instagram Creates New Feature That Fights Phishing Attacks

Consumers have a new law in New York to thank for providing additional protection from identity theft and data breaches. The law, which was passed by the state legislature in June in response to the rash of record-breaking data breaches and updated regulations, spells out how companies must respond when a breach event occurs.

The new law in New York even applies to businesses outside of the state. If the victims of the breach are New Yorkers, the company must comply with the steps outlined in the law no matter where they are located. This can have a domino effect of sorts since disclosing the breach to those residents can help make consumers in other states aware that a breach has occurred, even if they are not going to be receiving notification letters due to their locations.

Moreover, the SHIELD Act in New York will cover biometric data, not just personal identifiable information like Social Security numbers or usernames and passwords. If a company gathers and stores things like fingerprints or blood type, that information is now considered worthy of triggering a data breach notification. In the past, different states have had different rules on what requires a notification letter, and until now, biometric data was not included in New York.

Further, the SHIELD Act will require companies to inform victims as quickly as possible that their information was compromised. If there are more than 500 victims from New York the company is also required to inform the state’s Attorney General’s office. It also outlines which types of information require a notification letter, such as email addresses and passwords, birthdates and SSNs.

The SHIELD Act signed last week by Governor Cuomo, goes into effect in March 2020. It is based on a lot of consumer protection concepts that were put into place in Europe under the GDPR regulations that were enacted last year. The new law in New York was also inspired in part by the Equifax data breach from a year ago, an event in which 147 million consumers had their complete identities stolen by hackers.

For its part, Equifax has now launched its claims website for consumers to find out instantly if their information has been compromised. If it has, the steps for filing a claim and seeking compensation are included on the site. The claims site can be found at EquifaxBreachSettlement.com.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

How to File an Equifax Claim for Data Breach Settlement

How To: Place a Free Credit Freeze

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

Data breach laws can vary from state to state in terms of notification. For years some states did not even have laws in place that required companies to inform victims if their data had been compromised in a breach. Laws vary depending on not only the location of the company that was breached, but also the location of the victims.

Washington state has had data breach laws in place for years, but those laws had a somewhat limited scope. Currently in Washington, if certain pieces of data – like your Social Security number – are not impacted in a breach, the company does not have to offer protection service or notify victims of the incident.

A new bill in Washington would expand the definition for sensitive data to include things like your birthdate, health insurance number, student ID or military ID number and more. This essentially broadens the terms of what can trigger a required notification.

The need for this change grew out of the increase in data breaches and the growing numbers of residents whose identifying information was compromised in data breaches. More than 3 million residents of that state had their data accidentally or intentionally attacked in a one-year period from July 2017 to June 2018. With breach on the rise, Washington is taking action with their data breach laws.

This new bill would not only broaden the types of personal data that are covered, but also reduce the length of time that a company has to report the breach. The current notification law gave the affected businesses 45 days to notify the state’s attorney general of a data breach, and this new bill would reduce that to 30 days. The difference of those two weeks can make an enormous impact in minimizing the damage of victims.

Of course, laws such as this one can be seen as a double-edged sword. Supporters, security experts and consumer advocates understand that there are many different kinds of identity theft, and that serious harm can result even without stealing someone’s Social Security number. However, critics view it through the eyes of the organizations and businesses, and how it may hurt them in the event of a data breach. It is important to remember that businesses who collect and store consumers’ personally identifiable information have an obligation to protect it. If they fail in that regard, then they should have to offer information and support to the customers who were affected.

The Identity Theft Resource Center and Futurion have partnered and launched a tool called Breach Clarity, which takes publicly-available data breach information and breaks down both the threat and that actionable steps for consumers.

Watch Our New Free Webinar: Deciphering the Code of Data Breach Notifications


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: What To Know About Payment Apps and Security

By ITRC CEO, Eva Velasquez

For victims of identity crimes there are emotional, physical and lost opportunity costs experienced even when resources are provided quickly and competently. The government shutdown will make the aftermath for these victims worse.  The Identity Theft Resource Center’s AftermathTM series sheds light on the less obvious but equally devastating effects of various identity crimes.  It also highlights the downstream impacts regularly faced by victims.  Right now, we are dealing with an obvious challenge on a national scale with the federal government shutdown. In keeping with our mission of advocating for victims, and increasing awareness of the complexity of the identity crime issue, I want to highlight some of the less obvious downstream effects our team is seeing impact not only victims but all citizens during this shutdown.

There is considerable attention being paid to the obvious consequences, and rightly so. Many folks, from federal employees to those that rely on government assistance to meet their basic needs, are certainly enduring hardship. However, there are other impacts, which are less obvious, and I feel compelled to share this perspective. This is not to make the point that these impacts are greater, or causing more harm than the ones previously mentioned, rather it is to shine some light on these less obvious consequences so that decision-makers and the public realize this is happening, and understand both the short term and long-term effects.

Currently, many departments of the federal government are shutdown. This includes the Federal Trade Commission.  The FTC and the ITRC share similar mission, and a strong collaborative relationship.  We have worked together on many initiatives to better the outcomes for identity crime victims. The individuals that we have worked with at the agency are amazing people, dedicated to helping victims and stopping the identity thieves. The resources that the FTC provides are an invaluable part of the remediation process.

What is notable about the shutdown for this department is that while ftc.gov remains fully functional, the identity theft assistance arm, identitytheft.gov and the associated call center are non-operational. That’s right; the website that victims go to for these invaluable resources is dark. Victims currently cannot obtain the FTC identity theft affidavit that is a critical first step for many, if not most, identity theft remediation plans.

Government shutdown advisory from identitytheft.gov

Until identitytheft.gov comes back online victims will need to go to their local police department and get a police report to move forward with proving their innocence. This is creating an increased workload for these local departments, a burden that was only recently lifted due to changes in the Fair Credit Reporting Act that allowed the FTC affidavit to serve as the report from a law enforcement agency in lieu of a police report.

If you believe that is not a big deal and at least there is some type of workaround, please realize that law enforcement agencies are not equipped to provide robust victim services for financial crimes victims (generally), which means they are not providing victims with remediation plans or helping them to put their lives back together.  Their job is to investigate, get the bad guy, and hopefully stop the thief from harming others. Those plans come from the FTC and the Identity Theft Resource Center. As second tier responder, the ITRC receives referrals from the FTC, but with them unavailable, we’re now in the position to have to assist those victims as a first responder.

If for some reason there’s a belief that identity crimes are not a big deal, listen to what the victims are saying to understand that is not the case. You can read our Aftermath study and hear it directly from them.

The ITRC and all its resources are here for victims. We can be reached through our website www.idtheftcenter.org and our call center at 888-400-5330. Bear in mind that the shutdown has created an increase in our call volume, so please be patient.

In addition to the short term consequences, there are several long-term impacts that one will only be able to measure fully when this crisis has passed and we can unpack it using hindsight and data. One of the questions is has there been an increase in the actual number of incidents during this time period. The temporary closure of the investigative bodies that act as a deterrent will have some impact and decades of personal experience working with law enforcement and observing criminal behavior leads me to the conclusion: “Of course there will.” Identity thieves are opportunistic. Who actually believes they are not talking with each other and managing their efforts to capitalize on LESS oversight?

Another question: how much worse will the impact be for those that fall victim to identity crime during this window of closure? The ITRC knows from experience that early detection of this crime leads to quicker remediation and lessens the trauma, not to mention the total impact. We also know that consumers experience intense fear upon discovery of being a victim of identity theft. The availability of a plan of action allows them to feel empowered; giving them the ability to fight back against the powerlessness they might be feeling. Some will minimize this reaction and continue to see victims of economic crimes as overreacting, but I assure you that it’s not an overreaction. Those feelings are real. Moreover, when they cannot access the assistance they need, when they need it, it increases that feeling of powerlessness. Imagine that you come home to find that your home burglarized. It is obvious that the burglars are long gone, but all of your belongings have been touched and gone through, and many are missing. You feel violated. You need help and you need to get this reported and resolved. You call the police to get that help and are told they are closed, until further notice, so you just have to wait and try to wade through it. You think, can I clean things up? Do I have to take pictures? What if I mess something up and it creates more problems down the road. That’s exactly what identity crime victims are feeling when they get to the inoperable FTC website. Powerless.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: The 2018 Impact of Data Breaches and Cybercrime

When it comes to a credit freeze, consumers have to ask themselves when they should take this step, and why. The “when” is easy… the answer is NOW. There are very few reasons to leave your credit report unfrozen, all of them stemming from your life circumstances that involve high-volume spending, the need for new accounts or other similar, limited situations.

But “why”, is a little more difficult to explain. Your credit report is the document that gives lenders an idea of what kind of borrower you are. It contains lengthy information on your previous spending and payoffs, your open lines of credit, the amount of debt you carry, and more. However, this report is also the tool that lenders need in order to issue you a new account or line of credit; no report, no new credit card or car purchase.

It’s easy to see how blocking access to that report can prevent new lines of credit from being issued, and that goes a long way towards protecting you from fraud if someone steals or fabricates your identity. When the criminal applies for a new credit card, home utilities, a car or other similar account, the credit report will come back to the lender as “frozen,” essentially blocking the account.

This is one of the strongest measures consumers can take to help reduce their risk of financial identity theft. There are other ways your personally identifiable information fall into the wrong hands can harm you, but new account fraud is one of the easiest but most devastating scenarios. At the same time, there are not many other actionable steps consumers can take that can have this much of an impact on identity theft and fraud.

Remember when we said you should do it right now? There’s never been a better time. New legislation goes into effect this week that will remove the fees associated with freezing and thawing your credit report. Even though it takes time to “thaw” should you need it (a few business days, typically), you will no longer have to pay a fee for protecting your credit report this way. All three of the reporting agencies—Experian, Equifax, and TransUnion—will no longer charge this fee thanks to legislation that was passed after the Equifax data breach.

In order to freeze your credit, here are a few steps to take. While you handle that, remember that you’re also entitled to one free copy of your credit report from each of the three major reporting agencies every year. You don’t have to request them all at once, though, so you can stagger your requests a few months apart and get a look at your credit report all throughout the year.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Is Your Bluetooth Tracking You?